Full Disclosure mailing list archives
Re: vswitches: physical networks obsolete?
From: phocean <0x90 () phocean net>
Date: Sun, 06 Feb 2011 18:24:31 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

phocean said the following on 06/02/11 16:58:

So my worries remain... how do they address this? You don't mean that we have to wait for the next 0-day for the VMware claim to be proved false? There are coding vulnerabilities everywhere.

We could wait for the next 0day of HP procurve, Cisco Catalyst or Dell PowerConnect firmware as well ;)
That's exactly why I used to use physical separation and mixed various hardware in each area. What do you do if your infrastructure relies 100% on VMware code?
The history of software bugs so far tells us that, until now, the chance to have a 0day of a firewall is greater than the chance of the 0day of a switch firmware.
I disagree. Not only can't you compare a switch and a firewall (neither in terms of functionality, complexity, exploitation or impact), but L2 has always been vulnerable by design. Easy to attack, huge impact, game over.
I am not saying that switches are bulletproof, I am only talking about probability.
Ok, but I would like us to get back to the point. Thanks for your feedback, I took note of it. You are just expressing your opinion, as I did. Opinions don't have much value, neither mine nor yours. I am expecting facts, deep studies or specifications. We are talking about major changes in the way we design architectures. It is not something to take lightly, relying only on "right until proven wrong" or "the editor says it's great". Once an architecture has been designed for a company, it is supposed to stay there 10 years or even more. I want to read more answers here. Maybe there has not been any serious research on the topic yet. In that case, I would take the safe side: waiting a few more years until the industry has enough experience on the technology before deploying any full virtual network.

- phocean
Ciao,
luigi

--
/ +--[Luigi Rosa]-- \
Any small object that is accidentally dropped will hide under a larger object.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1O0GkACgkQ3kWu7Tfl6ZTahgCfWVHLy/OD/58XOgN2ovanl/dT
LJgAnjtPyYCRujnL/3tzZJ/4K9CcTCF8
=xaty
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Luigi Rosa (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Luigi Rosa (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Albert R. Campa (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Luigi Rosa (Feb 06)
- Re: vswitches: physical networks obsolete? Elazar Broad (Feb 07)